The introduction, in the US Senate, of the Cybersecurity Act of 2012 (S 3414), takes the place of Lieberman-Collins Cybersecurity Act (S 2150). It calls for a National Cybersecurity Council, which would be chaired by the Secretary of Homeland Security.
If enacted, crucial privacy concerns would be addressed, with the council working with the operators and owners of critical infrastructures, to minimize cybersecurity risks.
Cybersecurity practices have been under fire, while the ACLU and private individuals have been questioning the role the Federal government would play, as presented in the previous bill, which included mandatory following of agency-enforced standards. In the new bill, these would be optional.
The “toned-down” language of the new bill may help it pass, as support for the initial bill had been fading, especially among Republicans. It’s still not a done deal.
Within the language of the bill, government agency programs for certification remains an area of concern, with how much power the council ultimately has being in question. Questions arise, with the possible regulating of a critical infrastructure sector by a federal agency.
With regard to self-certification, will enforcement be “loose,” as has been suggested by a PDF summary of the bill? Just how much power federal officials will have, remains to be seen.
blog sponsored by The Privacy Council